We maintain the highest standards of confidentiality, but we have a professional obligation to disclose if a client or others are at risk, if a court order is received and a legal obligation arises. Please be aware though Dr Lenihan’s services are not for emergencies or urgent help. If you are ever in a state of crisis or emergency, please contact a crisis line such as Samaritans (08457 90 90 90), call 999, or go to your local Accident and Emergency Department.
Dr Lenihan has regular supervision and also consults GenderCare colleagues around client care, in accordance with good professional practice. The content of counselling or psychotherapy sessions will not be disclosed outside of anonymised discussion in clinical supervision without client consent, unless there is a professional requirement to disclose as above. Dr Lenihan’s practice manager has access to client data as required for administration of clinical care and arranging appointments.
We take reasonable steps to ensure personal information is secure, in line with General Data Protection Regulations, British Psychological Society and Health Care Professions Council guidelines on confidentiality, but email, text, telephone, video and online systems can never be made 100% proof against professional data theft. Letters or reports are sent via first class post or password protected via email (recommended end to end encrypted) to clients, and agreed outside agencies. We communicate information with selected clinical colleagues and within GenderCare using an end-to-end encrypted email service (Protonmail) to provide an extra layer of security. Please see https://protonmail.com/privacy-policy for further details on how Protonmail manages and processes user data. We provide relevant information to other health care providers involved in client’s care (such as the NHS or private organisations) and discuss clinical care as agreed with the client. Email communication with other agencies (for example, client’s GP or themselves) cannot be guaranteed the same level of security after the information has left our service. Consenting to continued communication by email, confirms client understanding that this can be an insecure method of communication. Clients are advised to use an encrypted email service provider such as Protonmail for greater security. Email communication of details relating to client care may be required with other agencies, where emails received relate to care with them and need immediate attention and if the client consents for their details to be passed on in this way.
Clinical records are stored electronically on encrypted media and a GDPR compliant practice management system WriteUpp, with a high level of security, for at least the minimum legal period following completion of care. Records may be needed to be lawfully retained for a longer period as required by Dr Lenihan’s professional registration body or insurer. Clients have the right to ask for a copy of their personal information free of charge and to ask for any incorrect information about them to be amended or erased. They have the right to ask for any information to be erased, which is no longer held for legitimate interests. This includes personal information that is no longer relevant to original purposes. In all cases and when considering such requests, these rights are obligatory unless it’s information that we have a legal obligation to retain, such as above. For the purposes of the General Data Protection Regulations (GDPR) 2018, the data controller is Dr Penny Lenihan. In proceeding with booking an appointment, clients are consenting to the transfer of their data to WriteUpp as a data processor, please see http://www.writeupp.com/privacy for details of how they manage data. We use client contact details for the legitimate purpose of arrangement and provision of care. Clients consent to provide contact details for communication by email (for arranging appointments, general communication around care and to send password protected reports), post (to send any reports and/or care related correspondence) and mobile phone (for Two-Factor Authentication). Clients can contact us via firstname.lastname@example.org to discuss this further at any time.
Payment for appointments is in advance and generally via the payment platform Paypal for added security and efficient management of payments, via credit card, debit card or Paypal account. Clients are asked to provide an email address for invoicing as part of the booking in process and consent to transfer of this email address for invoicing to the PayPal system. Paypal may link this email address to other data that it already holds on you. You can see how Paypal manages and processes user data at http://www.paypal.com/uk.
We hope that clients are happy with any service provided and are encouraged to contact us in the first instance to resolve any concerns and provide any positive feedback. The professional body for statutory regulation of practitioner psychologists is the Health Care Professions Council (HCPC).